Vulnerabilities > CVE-2023-39526 - Unspecified vulnerability in Prestashop
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
Vulnerable Configurations
References
- https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
- https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc